DEV Community

Cover image for Synth CDK app to Custom Bucket
Ivan Bliskavka
Ivan Bliskavka

Posted on • Updated on • Originally published at bliskavka.com

Synth CDK app to Custom Bucket

#aws #cloudformation #cdk #devops

Some AWS customers don't use the CLI, and will not grant an external contractor CLI access. Trying to get access is a waste of time and resources. Do not fear, there is a solution!

Summary

  1. Create a client specific staging bucket
  2. Share the bucket with the client account via Bucket Policy
  3. Synth the stack to the staging bucket
  4. Share template URL with client
  5. Client can install using the URL in CloudFormation web console with their own user credentials

App Staging Bucket Policy 

{
  "Sid": "MyClient",
  "Effect": "Allow",
  "Principal": {
      "AWS": [
          "arn:aws:iam::DEV_ACCOUNT_ID:root",
          "arn:aws:iam::PROD_ACCOUNT_ID:root"
      ]
  },
  "Action": [
      "s3:GetObject",
      "s3:GetObjectVersion"
  ],
  "Resource": "arn:aws:s3:::app-staging-bucket/*"
}
Enter fullscreen mode Exit fullscreen mode

Usage

  1. Install CDK Assets npm i -D cdk-assets

  2. Customize the stack synthesizer to use your custom staging bucket

    const app = new cdk.App();

new MyApp(app, 'template', {
  someParam: 'someValue',
  synthesizer: new DefaultStackSynthesizer({
    fileAssetsBucketName: 'app-staging-bucket',

    // Use a custom role which has access to the asset bucket
    fileAssetPublishingRoleArn: 'my-client-staging-role',

    // Consider using a build date or version
    bucketPrefix: '2.4.1',

    // The client account does not need to be bootstrapped
    generateBootstrapVersionRule: false,
  }),
});

app.synth();

  3. Run cdk synth to generate your assets.

  4. Modify cdk.out/template.assets.json to make the template file name more predictable

    • find entry with sourcePath=template.template.json
    • modify its objectKey to something like 2.4.1/template.json
    • (you should probably write some code to automate this)

  5. Run cdk-assets -v -p ./cdk.out/template.assets.json publish

  6. Share your template URL with the client. It will look something like:

    https://app-staging-bucket.s3.amazonaws.com/2.4.1/template.json

  7. Client can install the app using the CloudFormation web console.

Simpler Template Output

Not sure what the side-effects of these are, but this produces a simpler template with less CDK metadata.

cdk synth --path-metadata false --version-reporting false

cdk.json 

{
  "context": {
    "@aws-cdk/core:newStyleStackSynthesis": false,
  }
}
Enter fullscreen mode Exit fullscreen mode

Conclusion

This has been very helpful for creating installers that are accessible to non-developers and usable in beginner AWS environments. I hope it save you some head-scratching!

Originally posted on my blog

Top comments (0)

Read next

rksalo88 profile image

Learning AWS Day by Day — Day 16 — Virtual Private Cloud (VPC)

Saloni Singh -

malaquf profile image

Simple and Cost-Effective Testing Using Functions

Felipe Malaquias -

vivekalhat profile image

AWS IAM: Understanding The Essentials

Vivek Alhat -

codegirl0101 profile image

How to deploy next js project on Linux Server with Ngnix and pm2

codegirl -